From 71cb27836d6ddda01551f36ec255444c528e77b6 Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov"
Date: Mon, 30 Sep 2019 23:52:01 +0300
Subject: [PATCH] kubeadm: delete boostrap-kubelet.conf after TLS bootstrap on init

---
 cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go b/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go
index ec6a4c04420..aa687fb8669 100644
--- a/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go
+++ b/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go
@@ -19,6 +19,7 @@ package phases
 import (
 "fmt"
 "io"
+ "os"
 "path/filepath"
 "text/template"
 "time"
@@ -100,6 +101,13 @@ func runWaitControlPlanePhase(c workflow.RunData) error {
 return errors.New("couldn't initialize a Kubernetes cluster")
 }
 
+ // Deletes the kubelet boostrap kubeconfig file, so the credential used for TLS bootstrap is removed from disk
+ // This is done only on success.
+ bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath()
+ if err := os.Remove(bootstrapKubeConfigFile); err != nil {
+ klog.Warningf("[wait-control-plane] could not delete the file %q: %v", bootstrapKubeConfigFile, err)
+ }
+
 return nil
 }
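Review bot: The `os.Remove` call in the added block treats every error alike, so a run where the bootstrap kubeconfig is already absent (for example when the phase is repeated) logs a warning that reads like a leftover credential; `if err := os.Remove(bootstrapKubeConfigFile); err != nil && !os.IsNotExist(err) {` keeps the warning for the case that matters, where the file still exists and the TLS bootstrap credential stays on disk. Because the function still returns nil in that case, the log line is the only signal an operator gets, so the message should say that the credential remains and has to be removed by hand. Unlinking the file also does not invalidate the credential itself, which presumably has to expire or be rotated separately; a one-line comment next to the removal saying so would stop readers from treating the deletion as revocation. The start of runWaitControlPlanePhase is outside the hunk, so whether this removal is also reached on a dry run cannot be checked from here.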